1. Field of Invention
The invention relates to methods for detecting unwanted intrusions into computer networks. More particularly, data pertaining to targeted Internet Protocol (IP) addresses in a network are compared to data from the IP addresses of possible intruders using a vector space model, compared in a dissimilarity matrix, and clustered for subsequent analysis.
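An added illustration of the approach summarized above, not code from the patent. It assumes the vectors are per-source counts of targeted IP addresses, the dissimilarity is cosine-based, and clustering is single-linkage with a hypothetical threshold of 0.3; the flow records are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample flow records: (source IP, target IP).
FLOWS = [
    ("198.51.100.7", "10.0.0.1"), ("198.51.100.7", "10.0.0.2"), ("198.51.100.7", "10.0.0.3"),
    ("198.51.100.9", "10.0.0.1"), ("198.51.100.9", "10.0.0.2"), ("198.51.100.9", "10.0.0.3"),
    ("203.0.113.5", "10.0.0.9"), ("203.0.113.5", "10.0.0.9"),
    ("203.0.113.8", "10.0.0.3"), ("203.0.113.8", "10.0.0.4"),
]

def source_vectors(flows):
    """Vector space model: one vector per source, one dimension per target IP."""
    counts = defaultdict(Counter)
    for src, dst in flows:
        counts[src][dst] += 1
    targets = sorted({dst for _, dst in flows})
    sources = sorted(counts)
    return sources, [[counts[s][t] for t in targets] for s in sources]

def cosine_dissimilarity(u, v):
    """1 - cosine similarity, clamped at 0 to absorb floating-point error."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return max(0.0, 1.0 - dot / norm) if norm else 1.0

def dissimilarity_matrix(vectors):
    return [[cosine_dissimilarity(u, v) for v in vectors] for u in vectors]

def cluster(sources, matrix, threshold=0.3):
    """Single-linkage clustering: link sources whose dissimilarity <= threshold."""
    parent = list(range(len(sources)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    for i in range(len(sources)):
        for j in range(i + 1, len(sources)):
            if matrix[i][j] <= threshold:
                parent[find(j)] = find(i)
    groups = defaultdict(list)
    for i, src in enumerate(sources):
        groups[find(i)].append(src)
    return sorted(groups.values())

if __name__ == "__main__":
    srcs, vecs = source_vectors(FLOWS)
    for group in cluster(srcs, dissimilarity_matrix(vecs)):
        print(group)
```

Sources that touch the same set of targets land in one cluster, which groups them for the subsequent analysis the sentence above mentions.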
2. Description of Prior Art
A great deal of very sensitive information resides in computer networks. This information ranges from personal credit card information to nuclear weapons design. Typically, such information is heavily protected and highly sought after by various illicit groups. These groups use a wide variety of means to gain access to this sensitive data.
Firewall blocking is generally the first preventive measure in guarding against cyber attacks. In addition to firewall blocking, misuse detection and anomaly detection are also used. In the following description, the person or computer in the network being attacked is referred to as the target or destination, and the intruder or attacking computer that attempts to remain undetected is referred to as the source.